Date
April 22, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 19.813735] ================================================================== [ 19.813854] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.813950] Read of size 1 at addr fff00000c4284273 by task kunit_try_catch/223 [ 19.814002] [ 19.814059] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.814149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.814180] Hardware name: linux,dummy-virt (DT) [ 19.814213] Call trace: [ 19.814246] show_stack+0x20/0x38 (C) [ 19.814303] dump_stack_lvl+0x8c/0xd0 [ 19.814354] print_report+0x118/0x608 [ 19.814397] kasan_report+0xdc/0x128 [ 19.814439] __asan_report_load1_noabort+0x20/0x30 [ 19.814489] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.814564] mempool_kmalloc_oob_right+0xc4/0x120 [ 19.814620] kunit_try_run_case+0x170/0x3f0 [ 19.814672] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.814724] kthread+0x328/0x630 [ 19.814772] ret_from_fork+0x10/0x20 [ 19.814821] [ 19.814841] Allocated by task 223: [ 19.814872] kasan_save_stack+0x3c/0x68 [ 19.814915] kasan_save_track+0x20/0x40 [ 19.814952] kasan_save_alloc_info+0x40/0x58 [ 19.814989] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.815030] remove_element+0x130/0x1f8 [ 19.815069] mempool_alloc_preallocated+0x58/0xc0 [ 19.815110] mempool_oob_right_helper+0x98/0x2f0 [ 19.815152] mempool_kmalloc_oob_right+0xc4/0x120 [ 19.815191] kunit_try_run_case+0x170/0x3f0 [ 19.815230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.815274] kthread+0x328/0x630 [ 19.815371] ret_from_fork+0x10/0x20 [ 19.815441] [ 19.815506] The buggy address belongs to the object at fff00000c4284200 [ 19.815506] which belongs to the cache kmalloc-128 of size 128 [ 19.815645] The buggy address is located 0 bytes to the right of [ 19.815645] allocated 115-byte region [fff00000c4284200, fff00000c4284273) [ 19.815730] [ 19.815756] The buggy address belongs to the physical page: [ 19.815791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104284 [ 19.815849] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.815902] page_type: f5(slab) [ 19.815945] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.815994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.816035] page dumped because: kasan: bad access detected [ 19.816065] [ 19.816082] Memory state around the buggy address: [ 19.816118] fff00000c4284100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.816162] fff00000c4284180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.816206] >fff00000c4284200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.816246] ^ [ 19.816287] fff00000c4284280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.816331] fff00000c4284300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.816370] ================================================================== [ 19.857368] ================================================================== [ 19.857567] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.858009] Read of size 1 at addr fff00000c62a42bb by task kunit_try_catch/227 [ 19.858140] [ 19.858840] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.859553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.859911] Hardware name: linux,dummy-virt (DT) [ 19.860047] Call trace: [ 19.860205] show_stack+0x20/0x38 (C) [ 19.860363] dump_stack_lvl+0x8c/0xd0 [ 19.860604] print_report+0x118/0x608 [ 19.860710] kasan_report+0xdc/0x128 [ 19.860810] __asan_report_load1_noabort+0x20/0x30 [ 19.861068] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.861834] mempool_slab_oob_right+0xc0/0x118 [ 19.862542] kunit_try_run_case+0x170/0x3f0 [ 19.863047] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.863352] kthread+0x328/0x630 [ 19.863441] ret_from_fork+0x10/0x20 [ 19.863548] [ 19.863589] Allocated by task 227: [ 19.864366] kasan_save_stack+0x3c/0x68 [ 19.864685] kasan_save_track+0x20/0x40 [ 19.864905] kasan_save_alloc_info+0x40/0x58 [ 19.865041] __kasan_mempool_unpoison_object+0xbc/0x180 [ 19.865142] remove_element+0x16c/0x1f8 [ 19.865228] mempool_alloc_preallocated+0x58/0xc0 [ 19.865314] mempool_oob_right_helper+0x98/0x2f0 [ 19.865399] mempool_slab_oob_right+0xc0/0x118 [ 19.865499] kunit_try_run_case+0x170/0x3f0 [ 19.866737] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.867090] kthread+0x328/0x630 [ 19.867221] ret_from_fork+0x10/0x20 [ 19.867492] [ 19.867690] The buggy address belongs to the object at fff00000c62a4240 [ 19.867690] which belongs to the cache test_cache of size 123 [ 19.868094] The buggy address is located 0 bytes to the right of [ 19.868094] allocated 123-byte region [fff00000c62a4240, fff00000c62a42bb) [ 19.868256] [ 19.868306] The buggy address belongs to the physical page: [ 19.868375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062a4 [ 19.868487] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.868943] page_type: f5(slab) [ 19.869192] raw: 0bfffe0000000000 fff00000c405d640 dead000000000122 0000000000000000 [ 19.869432] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 19.869569] page dumped because: kasan: bad access detected [ 19.869904] [ 19.869969] Memory state around the buggy address: [ 19.870172] fff00000c62a4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.870466] fff00000c62a4200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 19.870730] >fff00000c62a4280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 19.870826] ^ [ 19.870915] fff00000c62a4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.871521] fff00000c62a4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.871727] ================================================================== [ 19.828755] ================================================================== [ 19.828910] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.829114] Read of size 1 at addr fff00000c6bb6001 by task kunit_try_catch/225 [ 19.829276] [ 19.829370] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.829670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.829744] Hardware name: linux,dummy-virt (DT) [ 19.830028] Call trace: [ 19.830396] show_stack+0x20/0x38 (C) [ 19.830565] dump_stack_lvl+0x8c/0xd0 [ 19.830661] print_report+0x118/0x608 [ 19.830970] kasan_report+0xdc/0x128 [ 19.831250] __asan_report_load1_noabort+0x20/0x30 [ 19.831365] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.831496] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 19.831670] kunit_try_run_case+0x170/0x3f0 [ 19.831823] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.831963] kthread+0x328/0x630 [ 19.832081] ret_from_fork+0x10/0x20 [ 19.832223] [ 19.832294] The buggy address belongs to the physical page: [ 19.832399] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106bb4 [ 19.832567] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.832665] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.832848] page_type: f8(unknown) [ 19.833037] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.833137] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.833542] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.833706] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.833827] head: 0bfffe0000000002 ffffc1ffc31aed01 00000000ffffffff 00000000ffffffff [ 19.833944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.834040] page dumped because: kasan: bad access detected [ 19.834111] [ 19.834150] Memory state around the buggy address: [ 19.834235] fff00000c6bb5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.834358] fff00000c6bb5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.834556] >fff00000c6bb6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.834807] ^ [ 19.834907] fff00000c6bb6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.835075] fff00000c6bb6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.835164] ==================================================================
[ 20.280217] ================================================================== [ 20.280968] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 20.281391] Read of size 1 at addr ffff8881029812bb by task kunit_try_catch/245 [ 20.281851] [ 20.283166] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 20.283455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.283482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.283549] Call Trace: [ 20.283578] <TASK> [ 20.283622] dump_stack_lvl+0x73/0xb0 [ 20.283682] print_report+0xd1/0x650 [ 20.283734] ? __virt_addr_valid+0x1db/0x2d0 [ 20.283784] ? mempool_oob_right_helper+0x318/0x380 [ 20.283833] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.283881] ? mempool_oob_right_helper+0x318/0x380 [ 20.283932] kasan_report+0x141/0x180 [ 20.283979] ? mempool_oob_right_helper+0x318/0x380 [ 20.284044] __asan_report_load1_noabort+0x18/0x20 [ 20.284089] mempool_oob_right_helper+0x318/0x380 [ 20.284142] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 20.284200] ? finish_task_switch.isra.0+0x153/0x700 [ 20.284259] mempool_slab_oob_right+0xed/0x140 [ 20.284302] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 20.284344] ? dequeue_task_fair+0x166/0x4e0 [ 20.284400] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 20.284446] ? __pfx_mempool_free_slab+0x10/0x10 [ 20.284507] ? __pfx_read_tsc+0x10/0x10 [ 20.284556] ? ktime_get_ts64+0x86/0x230 [ 20.284609] kunit_try_run_case+0x1a5/0x480 [ 20.284666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.284787] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.284933] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.285106] ? __kthread_parkme+0x82/0x180 [ 20.285202] ? preempt_count_sub+0x50/0x80 [ 20.285245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.285280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.285313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.285345] kthread+0x337/0x6f0 [ 20.285375] ? trace_preempt_on+0x20/0xc0 [ 20.285436] ? __pfx_kthread+0x10/0x10 [ 20.285531] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.285568] ? calculate_sigpending+0x7b/0xa0 [ 20.285609] ? __pfx_kthread+0x10/0x10 [ 20.285642] ret_from_fork+0x41/0x80 [ 20.285674] ? __pfx_kthread+0x10/0x10 [ 20.285704] ret_from_fork_asm+0x1a/0x30 [ 20.285748] </TASK> [ 20.285763] [ 20.304755] Allocated by task 245: [ 20.305550] kasan_save_stack+0x45/0x70 [ 20.305883] kasan_save_track+0x18/0x40 [ 20.306114] kasan_save_alloc_info+0x3b/0x50 [ 20.306357] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 20.307335] remove_element+0x11e/0x190 [ 20.308093] mempool_alloc_preallocated+0x4d/0x90 [ 20.308360] mempool_oob_right_helper+0x8a/0x380 [ 20.308638] mempool_slab_oob_right+0xed/0x140 [ 20.308881] kunit_try_run_case+0x1a5/0x480 [ 20.309116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.309394] kthread+0x337/0x6f0 [ 20.310144] ret_from_fork+0x41/0x80 [ 20.311023] ret_from_fork_asm+0x1a/0x30 [ 20.311418] [ 20.311999] The buggy address belongs to the object at ffff888102981240 [ 20.311999] which belongs to the cache test_cache of size 123 [ 20.312590] The buggy address is located 0 bytes to the right of [ 20.312590] allocated 123-byte region [ffff888102981240, ffff8881029812bb) [ 20.313813] [ 20.313953] The buggy address belongs to the physical page: [ 20.314216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102981 [ 20.315869] flags: 0x200000000000000(node=0|zone=2) [ 20.316467] page_type: f5(slab) [ 20.317021] raw: 0200000000000000 ffff888101ad4dc0 dead000000000122 0000000000000000 [ 20.317398] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 20.317900] page dumped because: kasan: bad access detected [ 20.318176] [ 20.318299] Memory state around the buggy address: [ 20.319442] ffff888102981180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.319960] ffff888102981200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 20.320460] >ffff888102981280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 20.320965] ^ [ 20.321358] ffff888102981300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.322798] ffff888102981380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.323328] ================================================================== [ 20.173398] ================================================================== [ 20.174381] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 20.175009] Read of size 1 at addr ffff888103c6a173 by task kunit_try_catch/241 [ 20.176649] [ 20.176938] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 20.177070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.177108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.177171] Call Trace: [ 20.177212] <TASK> [ 20.177275] dump_stack_lvl+0x73/0xb0 [ 20.177342] print_report+0xd1/0x650 [ 20.177387] ? __virt_addr_valid+0x1db/0x2d0 [ 20.177465] ? mempool_oob_right_helper+0x318/0x380 [ 20.177557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.177654] ? mempool_oob_right_helper+0x318/0x380 [ 20.177737] kasan_report+0x141/0x180 [ 20.177812] ? mempool_oob_right_helper+0x318/0x380 [ 20.177908] __asan_report_load1_noabort+0x18/0x20 [ 20.177985] mempool_oob_right_helper+0x318/0x380 [ 20.178069] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 20.178148] ? dequeue_entities+0xa24/0x1790 [ 20.178234] ? finish_task_switch.isra.0+0x153/0x700 [ 20.178326] mempool_kmalloc_oob_right+0xf2/0x150 [ 20.178393] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 20.178444] ? dequeue_task_fair+0x166/0x4e0 [ 20.178557] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.178622] ? __pfx_mempool_kfree+0x10/0x10 [ 20.178656] ? __pfx_read_tsc+0x10/0x10 [ 20.178687] ? ktime_get_ts64+0x86/0x230 [ 20.178724] kunit_try_run_case+0x1a5/0x480 [ 20.178762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.178792] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.178828] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.178861] ? __kthread_parkme+0x82/0x180 [ 20.178893] ? preempt_count_sub+0x50/0x80 [ 20.178926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.178960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.178993] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.179024] kthread+0x337/0x6f0 [ 20.179055] ? trace_preempt_on+0x20/0xc0 [ 20.179090] ? __pfx_kthread+0x10/0x10 [ 20.179122] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.179153] ? calculate_sigpending+0x7b/0xa0 [ 20.179183] ? __pfx_kthread+0x10/0x10 [ 20.179215] ret_from_fork+0x41/0x80 [ 20.179244] ? __pfx_kthread+0x10/0x10 [ 20.179276] ret_from_fork_asm+0x1a/0x30 [ 20.179320] </TASK> [ 20.179334] [ 20.203258] Allocated by task 241: [ 20.204057] kasan_save_stack+0x45/0x70 [ 20.205146] kasan_save_track+0x18/0x40 [ 20.206114] kasan_save_alloc_info+0x3b/0x50 [ 20.207182] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.208262] remove_element+0x11e/0x190 [ 20.209142] mempool_alloc_preallocated+0x4d/0x90 [ 20.209641] mempool_oob_right_helper+0x8a/0x380 [ 20.209973] mempool_kmalloc_oob_right+0xf2/0x150 [ 20.210442] kunit_try_run_case+0x1a5/0x480 [ 20.211583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.212464] kthread+0x337/0x6f0 [ 20.213192] ret_from_fork+0x41/0x80 [ 20.213889] ret_from_fork_asm+0x1a/0x30 [ 20.214539] [ 20.214976] The buggy address belongs to the object at ffff888103c6a100 [ 20.214976] which belongs to the cache kmalloc-128 of size 128 [ 20.216155] The buggy address is located 0 bytes to the right of [ 20.216155] allocated 115-byte region [ffff888103c6a100, ffff888103c6a173) [ 20.217696] [ 20.218163] The buggy address belongs to the physical page: [ 20.218740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c6a [ 20.219796] flags: 0x200000000000000(node=0|zone=2) [ 20.220388] page_type: f5(slab) [ 20.220756] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.221415] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.222068] page dumped because: kasan: bad access detected [ 20.222348] [ 20.222990] Memory state around the buggy address: [ 20.223258] ffff888103c6a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.223648] ffff888103c6a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.224015] >ffff888103c6a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.224486] ^ [ 20.226216] ffff888103c6a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.226590] ffff888103c6a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.227655] ================================================================== [ 20.235389] ================================================================== [ 20.236256] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 20.236844] Read of size 1 at addr ffff888103cb6001 by task kunit_try_catch/243 [ 20.237202] [ 20.237361] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 20.237456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.237482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.238000] Call Trace: [ 20.238029] <TASK> [ 20.238064] dump_stack_lvl+0x73/0xb0 [ 20.238120] print_report+0xd1/0x650 [ 20.238170] ? __virt_addr_valid+0x1db/0x2d0 [ 20.238215] ? mempool_oob_right_helper+0x318/0x380 [ 20.238270] ? kasan_addr_to_slab+0x11/0xa0 [ 20.238316] ? mempool_oob_right_helper+0x318/0x380 [ 20.238367] kasan_report+0x141/0x180 [ 20.238453] ? mempool_oob_right_helper+0x318/0x380 [ 20.238561] __asan_report_load1_noabort+0x18/0x20 [ 20.238633] mempool_oob_right_helper+0x318/0x380 [ 20.239110] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 20.239216] ? dequeue_entities+0xa24/0x1790 [ 20.239304] ? finish_task_switch.isra.0+0x153/0x700 [ 20.239393] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 20.239580] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 20.240072] ? dequeue_task_fair+0x166/0x4e0 [ 20.240134] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.240179] ? __pfx_mempool_kfree+0x10/0x10 [ 20.240225] ? __pfx_read_tsc+0x10/0x10 [ 20.240273] ? ktime_get_ts64+0x86/0x230 [ 20.240327] kunit_try_run_case+0x1a5/0x480 [ 20.240379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.240462] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.240538] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.240590] ? __kthread_parkme+0x82/0x180 [ 20.240634] ? preempt_count_sub+0x50/0x80 [ 20.240686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.240737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.240788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.240837] kthread+0x337/0x6f0 [ 20.240882] ? trace_preempt_on+0x20/0xc0 [ 20.240931] ? __pfx_kthread+0x10/0x10 [ 20.240978] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.241024] ? calculate_sigpending+0x7b/0xa0 [ 20.241068] ? __pfx_kthread+0x10/0x10 [ 20.241115] ret_from_fork+0x41/0x80 [ 20.241158] ? __pfx_kthread+0x10/0x10 [ 20.241223] ret_from_fork_asm+0x1a/0x30 [ 20.241298] </TASK> [ 20.241315] [ 20.255106] The buggy address belongs to the physical page: [ 20.255751] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cb4 [ 20.256513] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.257060] flags: 0x200000000000040(head|node=0|zone=2) [ 20.257519] page_type: f8(unknown) [ 20.257929] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.258688] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.259410] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.260195] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.260834] head: 0200000000000002 ffffea00040f2d01 00000000ffffffff 00000000ffffffff [ 20.261667] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.262281] page dumped because: kasan: bad access detected [ 20.262802] [ 20.263082] Memory state around the buggy address: [ 20.263620] ffff888103cb5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.264215] ffff888103cb5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.264805] >ffff888103cb6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.265303] ^ [ 20.265586] ffff888103cb6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.265929] ffff888103cb6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.266261] ==================================================================
[ 21.366781] ================================================================== [ 21.367945] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 21.368668] Read of size 1 at addr ffff000010b842bb by task kunit_try_catch/283 [ 21.369347] [ 21.369513] CPU: 3 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.369565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.369579] Hardware name: Radxa ROCK Pi 4B (DT) [ 21.369597] Call trace: [ 21.369609] show_stack+0x20/0x38 (C) [ 21.369643] dump_stack_lvl+0x8c/0xd0 [ 21.369675] print_report+0x118/0x608 [ 21.369705] kasan_report+0xdc/0x128 [ 21.369734] __asan_report_load1_noabort+0x20/0x30 [ 21.369768] mempool_oob_right_helper+0x2ac/0x2f0 [ 21.369805] mempool_slab_oob_right+0xc0/0x118 [ 21.369834] kunit_try_run_case+0x170/0x3f0 [ 21.369872] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.369911] kthread+0x328/0x630 [ 21.369945] ret_from_fork+0x10/0x20 [ 21.369978] [ 21.375998] Allocated by task 283: [ 21.376324] kasan_save_stack+0x3c/0x68 [ 21.376698] kasan_save_track+0x20/0x40 [ 21.377069] kasan_save_alloc_info+0x40/0x58 [ 21.377481] __kasan_mempool_unpoison_object+0xbc/0x180 [ 21.377977] remove_element+0x16c/0x1f8 [ 21.378357] mempool_alloc_preallocated+0x58/0xc0 [ 21.378811] mempool_oob_right_helper+0x98/0x2f0 [ 21.379259] mempool_slab_oob_right+0xc0/0x118 [ 21.379684] kunit_try_run_case+0x170/0x3f0 [ 21.380091] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.380615] kthread+0x328/0x630 [ 21.380938] ret_from_fork+0x10/0x20 [ 21.381288] [ 21.381441] The buggy address belongs to the object at ffff000010b84240 [ 21.381441] which belongs to the cache test_cache of size 123 [ 21.382568] The buggy address is located 0 bytes to the right of [ 21.382568] allocated 123-byte region [ffff000010b84240, ffff000010b842bb) [ 21.383745] [ 21.383900] The buggy address belongs to the physical page: [ 21.384417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b84 [ 21.385151] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 21.385765] page_type: f5(slab) [ 21.386080] raw: 03fffe0000000000 ffff00000ca9e500 dead000000000122 0000000000000000 [ 21.386797] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 21.387505] page dumped because: kasan: bad access detected [ 21.388020] [ 21.388173] Memory state around the buggy address: [ 21.388621] ffff000010b84180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.389288] ffff000010b84200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 21.389954] >ffff000010b84280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 21.390617] ^ [ 21.391089] ffff000010b84300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.391755] ffff000010b84380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.392417] ================================================================== [ 21.341424] ================================================================== [ 21.342519] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 21.343229] Read of size 1 at addr ffff0000103b2001 by task kunit_try_catch/281 [ 21.343894] [ 21.344052] CPU: 2 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.344089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.344099] Hardware name: Radxa ROCK Pi 4B (DT) [ 21.344112] Call trace: [ 21.344121] show_stack+0x20/0x38 (C) [ 21.344145] dump_stack_lvl+0x8c/0xd0 [ 21.344169] print_report+0x118/0x608 [ 21.344191] kasan_report+0xdc/0x128 [ 21.344211] __asan_report_load1_noabort+0x20/0x30 [ 21.344236] mempool_oob_right_helper+0x2ac/0x2f0 [ 21.344262] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 21.344289] kunit_try_run_case+0x170/0x3f0 [ 21.344315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.344344] kthread+0x328/0x630 [ 21.344369] ret_from_fork+0x10/0x20 [ 21.344393] [ 21.350435] The buggy address belongs to the physical page: [ 21.350943] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b0 [ 21.351664] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.352358] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 21.352998] page_type: f8(unknown) [ 21.353323] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.354027] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.354730] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.355440] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.356150] head: 03fffe0000000002 fffffdffc040ec01 00000000ffffffff 00000000ffffffff [ 21.356860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.357565] page dumped because: kasan: bad access detected [ 21.358071] [ 21.358216] Memory state around the buggy address: [ 21.358656] ffff0000103b1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.359311] ffff0000103b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.359965] >ffff0000103b2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.360615] ^ [ 21.360917] ffff0000103b2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.361571] ffff0000103b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.362223] ================================================================== [ 21.312441] ================================================================== [ 21.313482] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 21.314209] Read of size 1 at addr ffff00000c992a73 by task kunit_try_catch/279 [ 21.314887] [ 21.315052] CPU: 3 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.315104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.315118] Hardware name: Radxa ROCK Pi 4B (DT) [ 21.315137] Call trace: [ 21.315149] show_stack+0x20/0x38 (C) [ 21.315181] dump_stack_lvl+0x8c/0xd0 [ 21.315213] print_report+0x118/0x608 [ 21.315243] kasan_report+0xdc/0x128 [ 21.315272] __asan_report_load1_noabort+0x20/0x30 [ 21.315306] mempool_oob_right_helper+0x2ac/0x2f0 [ 21.315342] mempool_kmalloc_oob_right+0xc4/0x120 [ 21.315379] kunit_try_run_case+0x170/0x3f0 [ 21.315416] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.315455] kthread+0x328/0x630 [ 21.315489] ret_from_fork+0x10/0x20 [ 21.315523] [ 21.321566] Allocated by task 279: [ 21.321893] kasan_save_stack+0x3c/0x68 [ 21.322265] kasan_save_track+0x20/0x40 [ 21.322637] kasan_save_alloc_info+0x40/0x58 [ 21.323049] __kasan_mempool_unpoison_object+0x11c/0x180 [ 21.323554] remove_element+0x130/0x1f8 [ 21.323933] mempool_alloc_preallocated+0x58/0xc0 [ 21.324387] mempool_oob_right_helper+0x98/0x2f0 [ 21.324834] mempool_kmalloc_oob_right+0xc4/0x120 [ 21.325288] kunit_try_run_case+0x170/0x3f0 [ 21.325694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.326218] kthread+0x328/0x630 [ 21.326540] ret_from_fork+0x10/0x20 [ 21.326890] [ 21.327043] The buggy address belongs to the object at ffff00000c992a00 [ 21.327043] which belongs to the cache kmalloc-128 of size 128 [ 21.328175] The buggy address is located 0 bytes to the right of [ 21.328175] allocated 115-byte region [ffff00000c992a00, ffff00000c992a73) [ 21.329350] [ 21.329503] The buggy address belongs to the physical page: [ 21.330020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc992 [ 21.330746] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 21.331358] page_type: f5(slab) [ 21.331672] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 21.332388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.333096] page dumped because: kasan: bad access detected [ 21.333611] [ 21.333763] Memory state around the buggy address: [ 21.334211] ffff00000c992900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.334877] ffff00000c992980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.335544] >ffff00000c992a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.336206] ^ [ 21.336839] ffff00000c992a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.337505] ffff00000c992b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.338166] ==================================================================